Fable-5 for Codex is currently alpha software. Security fixes target the latest published alpha and main.
Please report security issues privately instead of opening a public issue with exploit details.
- GitHub: use private vulnerability reporting if available on the repository.
- Email: contact the maintainer listed on the GitHub profile or package metadata.
Include:
- affected version or commit
- reproduction steps
- impact
- whether credentials, secrets, private keys, or sensitive repository data may be involved
Do not paste raw secrets, private keys, API keys, wallet keys, or credential files into issues, PRs, examples, screenshots, benchmark outputs, or logs.
In scope:
- installer behavior
- plugin packaging
- skill instructions that could cause unsafe actions
- redaction and secret-handling failures
- misleading subagent, evidence, or workflow trace claims
Out of scope:
- private Full ECF runtime internals, which are not part of this public package
- vulnerabilities in unrelated repositories audited with this plugin